Negar Salek
Security threats are multiplying at an alarmingly fast rate and an economic downturn will not deter cybercriminals from continuing their pursuit of profit in 2009.
In fact, it is probable that the situation provides rather good ammunition for cybercriminals and the channel to take advantage of the unstable circumstances.
This year, the web itself became the playpen for professional hackers who freely embedded malicious code on legitimate, albeit vulnerable, websites, including popular news and sports sites.
The option of opting out of a surreptitious infection by deleting an email or avoiding opening an attachment was snatched out of the users’ hands – no longer were these precautionary measures at the user’s discretion. On an infected website, users are unknowingly infected, as the look and feel of the site remain unchanged.
In its most up-to-date data, security vendor Sophos told CRN that in Australia alone 1500 websites were infected in October.
“That’s something like one new web infection every five seconds,” said Mark Harris, global director of SophosLabs during his recent visit to Sydney.
Ninety-three percent were legitimate websites: a wedding site, a beauty shop and a record company just to name a few.
“Using compromised websites to store malware rather than sending out malware is the sort of threat that will continue and grow even more,” said Harris.
In this underground economy, growth is certainly the forecast for next year. Going by the estimated millions of malware samples detected in 2008, we can already expect incomprehensible volumes in 2009.
According to Adam Biviano, Trend Micro’s key partner and alliance manager, back in 2004 malware samples reached 68,000 for the year.
“Today, malware is multiplying at a stupid rate and is a lot more sophisticated,” he said.
On the upside (if there is one), the bad guys aren’t the only ones with the skills to develop sophisticated tools.
Security experts have proactively developed protective technologies that are quietly combatting the threats.
Amongst those technologies, the traditional anti-virus practice of releasing a new signature or update for every new threat is well and truly redundant. Security experts strongly believe that this method will not keep cybercriminals at bay.
“From our point of view we will talk a lot more about reputation, which is a combination of blacklisting and whitelisting.
“That can be as simple as I’ve got a whitelist of files that I trust or it can be as complicated as connecting to heuristic scanners, real-time scanners and having them work smarter and better than they are today,” said Vincent Weafer, VP security response for Symantec.
Some vendors such as Secure Computing (recently acquired by McAfee) jumped on the heuristic and behavioural bandwagon early.
Others including Symantec are now increasingly adopting the technology.
“We’ve always taken the balance and that balance has always been more signature based than behavioural, now we’re starting to change that balance. I do believe that if we’re to look forward two or three years we certainly expect that the signature protection component should become far less over time,” said Weafer.
In order to enhance the efficiency of security even more, Weafer believes that in the coming year the channel will be hearing a lot more about ‘in the cloud’ [security], either blacklist scanning in the cloud or whitelist scanning in the cloud, as well as whitelisting technologies in general.
“If you heard some of that this year, you’ll hear a lot more about it next year,” he said.
Meanwhile, as security experts enhance their counter-attack methods against web threats, cybercriminals are already on the move, planning new and even more sophisticated assaults on emerging technologies.
At a Trend Micro online security seminar for resellers and end-users in Sydney last month, Trend Micro invited speakers from VMware and Gartner to discuss all things security in an increasingly virtualised computing world. This is a snippet of what they were told:
“Hypervisor attacks are just under two years away,” warned Andrew Walls, research director for Gartner APAC.
“At this point [end-users] should be thinking that there’s about a year till you need to be ready, if you’re running virtual machine systems.”
A hypervisor is a very small, purpose-built, hardened kernel that handles all the hardware interactions of virtual machines, explained Walls. It’s a virtual machine monitor that sits on top, and above that the individual virtual machines are run.
“That’s the model going forward,” he said.
This emerging threat creates opportunity for security resellers and distributors to begin leveraging market share.
As predicted, businesses using virtualised computing have an estimated two years to prepare for the pending attacks, and 2009 is going to be the year when businesses need to be educated and purchase the technologies that protect them.
Dominic Whitehand, managing director for distributor WhiteGold Solutions, said virtualisation security will be a hot buy in 2009 and preparations are already underway at WhiteGold.
“We’re certainly going to be looking in depth at Web 2.0 and virtualisation,” he said.
“The way it’s presented online opens up doors for further exploitation, we’ve got to look into that.
“There are opportunities for new products there so we’ll be looking at some of those.”
Gartner has identified that in order for virtual machines to evolve securely they require core trustable architecture. They need tamper protection across virtual machines and hypervisors.
They also need trusted configuration capabilities and trusted updates. “All these pieces have to actually be in place before we can say we have a secure environment,” Gartner analyst Walls explained.
In spite of the technical requirements, a major issue around virtual computing lies amongst the people who manage it. According to Walls, “Like most new technologies, when you roll this out you’re going to make mistakes. You’re going to configure things the best way you know how and a year later you’re going to say, whoops.
“As a result many of the virtual machine deployments we’re seeing out there are flawed,” added Walls.
Darren O’Loughlin is the general manager for security at Dimension Data Australia. In the IT security industry for 15 years, his experience comes from the Victoria Police Computer Crime and Investigation Squad, where he worked as a detective for 15 years, five of which were in the Computer Crime Squad.
When asked what he anticipates will be the IT security trends for 2009, his response was not surprising. “What Dimension Data needs to do and what our clients need to do is take into account the economic climate.
“During these times, unfortunately good people do bad things, they get concerned with the uncertainty, they look at protecting their own personal interests, sometimes it’s not malicious and sometimes it’s just more about self preservation,” he said.
Speaking of course about the current economic climate, O’Loughlin is referring to the surge in corporate redundancies spreading throughout the world.
In recent weeks, Sun Microsystems announced job cuts of 6000, Fairfax Media recently cut 550 jobs, and Citigroup is getting ready to cull 50,000 workers – 2500 in Australia.
As O’Loughlin warns, job losses can lead to disgruntled workers who may be forced to take desperate action. The action of concern is the theft of sensitive company data.
“A majority of our clients are working with us to identify where they’re at from a data leakage prevention point of view. Applying at least some data leakage protection might be the first step,” he said.
WhiteGold’s Whitehand agrees – he believes the current economic downturn opens up opportunities around authentication products. “Strong authentication is going to be really [big],” he said.
“We’re certainly going to be concentrating on authentication offerings and making sure the channel is well aware of what’s available so they can get it out there to the end-users who are going to need it.”
While, according to Symantec’s ‘Underground Economy Report’, cybercriminals are enjoying a booming trade, there is certainly no such luck in the real-world economy. Vigilance is certainly required around pending attack trends for 2009, but whether end-users spend their dwindling profits on IT security is yet to be seen.
“Cost cutting will definitely prevail,” said Tom Piotrowski, managing director for UnixPac, who has been in the industry for 25 years, running UnixPac for 20. He said he can see what’s happening and what isn’t.
“I don’t have to cover the wool over my eyes,” he said.
“I can tell you we’ve got a slowdown and it’s very much because of procrastination and cost cutting.
“Lots of corporations are now thinking, they’ve been either over-spending or not spending wisely in security so they’re moving now to absolute essentials.”
According to Piotrowski, companies will look a little closer at what they’re spending and question those who are spending the company’s money.
Those people are at greater risk of having to explain their spending. As a result, Piotrowski believes the answer is a great push towards regulatory compliance.
“They think if I do buy something under the cover of regulatory compliance such as PCI then I can’t be wrong.”
Whitehand said his company WhiteGold Solutions is yet to really see a slowdown overall. He admits some of the larger projects are slowing and agrees with Piotrowski.
He expects a spending cut and is now focusing on cost-efficient products.
“Some of the brands we have already fall into the cost-cutting category and we charge on a per user basis. I think people will be looking for that,” he said confidently.
Aside from opportunities in virtualisation security and data protection in 2009, Nick Verykios, marketing director for Distribution Central, is looking at managed services for next year, and has already started on them.
He said this market is growing faster than the product business at Distribution Central.
“We’re building more and more wholesale managed services on our Firewatch Service, which is becoming our own wholesale managed service we sell to resellers who then sell these contracts to end-users.
“When they’re buying managed services they’re buying a service level agreement. That’s particularly important to small to medium business,” he said.
In 2009, the distributor will also be advancing its portfolio of intrusion prevention technologies.
Piotrowski doesn’t believe 2009 will be the year for intrusion prevention; instead he continues to see potential in network access control (NAC), which has been slow in the making, and thinks next year may be the right time.
In times of crisis, strategic planning and an eye for opportunity will help the channel battle through 2009. And, as Piotrowski said positively, times have been worse.
“We did actually see it slow down after the dotcom crash – in the early 2000s we slowed down 20-25 percent. I wouldn’t say we’ve slowed down that much now.”
Plenty of opportunities for security channel
By Negar Salek on Dec 17, 2008 11:48AM